The Phishing Intelligence Engine (PIE) is a framework that will assist with detecting and responding to phishing attacks. It is an Active Defense framework built around Office 365 that continuously evaluates Message Trace logs for malicious content and dynamically responds as threats are identified or emails are reported. This talk covers the framework and then dives into some stories from the field.
8. It’s not Just Emails from Phishers to Worry About
• Exchange OWA / O365 password spraying
• Targeted mail scraping and extraction
• Malicious rule creation
• Passive account monitoring
• Auto Forwarding
• Email Spoofing
• VoIP and SMS Spoofing
• Data leakage
• General Malware
• …
13. Quick Metrics
• 90% of phishing attacks that make it through Office365 filters are never seen by LogRhythm employees…
• Those that make their way to inboxes are tracked, documented, and quarantined following a report from a user.
• Of messages reported, 75% are quarantined automatically
53. PIE Future Plans and Development Priorities
• 7.3.2 Case API Integration
• O365 URL Rewriting integration
• IDS, Firewall, and Endpoint integration
• Support for On-Premise Exchange
• Web Leaderboard and Open Metrics
• Implement Active Defense Scripts
• Seamless SIEM integration
• Community Integrations!
- What tools are you using?
- What else do you want to see PIE do?